CVE-2025-61669
Jupyter Server Open Redirect via Login URL
Publication date: 2026-05-05
Last updated on: 2026-05-05
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jupyter | jupyter_server | to 2.18.0 (exc) |
| jupyter | jupyter_server | 2.18.0 |
| jupyter_server | jupyter_server | to 2.17.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows attackers to redirect users to arbitrary external domains, facilitating phishing attacks that could compromise user trust and potentially lead to unauthorized disclosure of sensitive information.
Such phishing attacks may impact compliance with standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data against unauthorized access and disclosure.
By enabling redirection to malicious sites, the vulnerability increases the risk of data breaches or exposure of confidential information, thereby potentially violating these regulatory requirements.
Organizations using affected versions of Jupyter Server should upgrade to version 2.18.0 to mitigate this risk and maintain compliance.
Can you explain this vulnerability to me?
CVE-2025-61669 is an open redirection vulnerability in the Jupyter Server, specifically in the `next` query parameter used during the login flow. In versions 2.17.0 and earlier, the parameter is insufficiently validated in the `LoginFormHandler._redirect_safe()` method, allowing attackers to craft URLs that redirect users to arbitrary external domains.
For example, a URL like `http://localhost:8888/login?next=///google.com` would redirect the user to google.com, even though it is an external domain. This flaw can be exploited to facilitate phishing attacks by redirecting users to malicious sites.
The vulnerability was fixed in version 2.18.0 of Jupyter Server.
How can this vulnerability impact me? :
This vulnerability can impact users by enabling attackers to redirect them to malicious external websites through crafted login URLs.
Such redirections can facilitate phishing attacks, potentially leading to credential theft or other malicious activities.
The primary impact is on the confidentiality of systems and data, especially for enterprise users handling sensitive information.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves the manipulation of the `next` query parameter in Jupyter Server login URLs to redirect users to arbitrary external domains.
To detect this vulnerability on your system or network, you can monitor and analyze HTTP requests to the Jupyter Server login endpoint for suspicious `next` parameter values that include external URLs or unusual patterns such as triple slashes (e.g., `///example.com`).
Example commands to detect such attempts could include using network traffic inspection tools or web server logs with grep or similar tools:
- grep -i 'login?next=///' /var/log/jupyter/jupyter_server.log
- tcpdump -A -s 0 'tcp port 8888 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'next=///'
- Use a web proxy or HTTP inspection tool (e.g., Burp Suite, Wireshark) to filter requests containing the `next` parameter with suspicious values.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade Jupyter Server to version 2.18.0 or later, where this vulnerability has been fixed.
No workarounds are available, so applying the official patch is critical to prevent exploitation.
Additionally, consider monitoring login URLs and educating users about phishing risks related to unexpected redirects.